Znc config
Locations
/usr/local/etc/znc(FreeBSD)/var/lib/znc/.znc${ZNC_ROOT} ${ZNC_ROOT}/configs/znc.confznc config ${ZNC_ROOT}/configs/znc.pemprivate key ${ZNC_ROOT}/users/${USER}/user & uzer/network specific znc-mod configurations
Base Config
# config dirs sudo mkdir -p /usr/local/etc/znc/configs sudo chown -r znc:znc /usr/local/etc/znc # create user znc sudo pw useradd -n znc -g znc # bsd sudo useradd -M -g znc znc # linux # interactively create config # port: 1025 # SSL: true # user/pass: <web login> # nick: <irc-nick> # alt: <alt irc-nick> # ident: <irc-nick # real name (optional): # bind host (optional): # setup network: # name: freenode # host: chat.freenode.net # ssl: yes # port: 6697 sudo -u znc znc --makeconf
Base Preferences
https://melody:1025 # web panelOnce it is installed and setup, there isn't much to configure. Mostly you'll want to
* Your Settings > Default Settings > Buffer Size (5000) ## keep a large log of all messages to date * Your Settings > Flags > Auto Clear Chan Buffer (off) ## do not clear messages as soon they have been sent to any client * Your Settings > Flags > Auto Clear Query Buffer (off) ## do not clear messages as soon as they have been sent to any client
SSL Configuration
Certbot
See instructions: https://wiki.znc.in/Signed_SSL_certificate
First, setup a standalone SSL certificate using certbot.
Next, you'll need to generate the
znc.pemby concatenatingprivkey/fullchain.pem.cat /etc/letsencrypt/live/<yourdomain>/{privkey,fullchain}.pem \ > /var/lib/znc/.znc/configs/znc.pemDDNS Solutions
NOTE:
Use ZNC generated SSL cert. I had issues generating my own.
I would prefer to use SSL wherever possible, but using Dynamic DNS is a nono with SSL verification. (invalid hostname error). You have 2x options here:
- entirely disable SSL verification
- use the fingerprint of your invalid SSL certificate (safer!)
Disable SSL (unsafe)
/set irc.server.znc.ssl_verify offUse SSL cert Fingerprint (safer)
# Get SSLcert Fingerpring (on machine hosting znc) openssl x509 -noout -in /usr/local/etc/znc/znc.pem -fingerprint -sha512 | sed 's_:__g' ## prints the fingerprint (without the :s) # Use fingerprint in config (on all weechat clients) /set irc.server.znc.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b
ZNC Modules
Make sure to checkout znc modules, there are additional security fixes etc that you may find useful.
Add Networks
You may add several networks(comprising of different urls for each server) to ZNC. Each of these networks will be accessed from the machine hosting ZNC, and will be managed by ZNC (so your sessions are saved etc).
libera.chat irc.libera.chat ssl opensource projects freenode chat.freenode.net 6697 ssl legacy opensource projects bitlbee 127.0.0.1 6667 no ssl bridge for discord, skype, etc. (NOTE 6667, not 6697) snoonet irc.snoonet.org 6697 ssl subreddit irc For this example, we'll use snoonet (reddit):
(ZNC) Add Network
from the web-panel:
Networks > Add > network name: bitlbee servers of this IRC: irc.snoonet.org 6667 # +6667 indicates SSL, 6667 indicates non-ssl(IRC) Connect to Network via ZNC
connect using your irc client:# add server /server add snoonet melody.willpittman.net/1025 -ssl -username=will/snoonet # user/znc-netwk-name -password=<password> -autoconnectif using weechat, you'll likely want a different admin page for each server:
/set irc.look.server_buffer independentSee Also:
